Product Documentation

For a non-discoverable flow, a successful FIDO2_0 response (accompanied by a 200 OK) will look similar to the following:

{
    "Response": {
        "challenge": "D5w1vEBUglMx-qC9h4VHDw",
        "allowCredentials": [
            {
                "type": "public-key",
                "id": "wZJwKI7v3wzm42RLEXq1VWCF_74bogrCdh74l2Ay93xKHkuDDd8VfC9Ibe62y9meVHhsEP4KHKiLG49G-I_KX8wrHCLuI0JL9JTxYC6-zt-t3eDyYmtYAWQfYCz954_1ofoxWDWWc08zUKQa_K3fXtKoZbkXykmvZhQuUOH-JSP_aL-us9K1vp8btpBiLG5D__LzPDMZUKU3zdPJl-nVP9flMXmitLpEnuEcb-Trc7FlvP_8qxpHmWwh-V5Fay8h",
                "alg": -7
            }
        ],
        "rpId": "strongkey.com"
    },
    "responseCode": "FIDO-MSG-0006",
    "skfsVersion": "4.14.0",
    "registrationVersion": "4.14.0",
    "skfsFQDN": "example.strongkey.com",
    "TXID": "1-1-73-1717793850593"
}


For a discoverable flow, a successful FIDO2_0 response (accompanied by a 200 OK) will look similar to the following:

{
    "Response": {
        "challenge": "uOGAAks0L04PfDkR5vdhbw",
        "allowCredentials": [],
        "rpId": "strongkey.com"
    },
    "responseCode": "FIDO-MSG-0006",
    "skfsVersion": "4.14.0",
    "skfsFQDN": "example.strongkey.com",
    "TXID": "1-1-73-1717793306955",
    "appTXID": "exampleappTXID"
}

Response Description

| Value | Explanation |
|---|---|
| challenge | This attribute contains the name assigned by the web application to the Relying Party (RP), the company or application with which the user is interacting. |
| rpId | This attribute contains the RFC-6525 origin that represents the RP’s DNS domain. Only credentials registered to this rpId will qualify for providing an authentication assertion (the digital signature of the challenge), thus providing proof of authentication. |

allowCredentials Description

| Value | Explanation |
|---|---|
| type | This attribute indicates the type of credential from which the RP requires an assertion; the value is always “public-key” for FIDO/WebAuthn. |
| id | This attribute contains the unique identifier (credentialId) assigned by the FIDO Authenticator to the user’s registered credential. |
| alg | This attribute contains a numerical value, which describes the Public Key algorithm from the set of COSE Algorithms the SKFS will accept for generated keys. In the example shown, the algorithm number corresponds to the following: -7: ES256 or ECDSA with SHA-256 message digests. |
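
The following is an added example, not StrongKey's code: one way a web client could turn the response described above into the options object for `navigator.credentials.get()`, decoding `challenge` and each credential `id` (base64url, judging by the sample values) and reporting which flow applies. The function names, the `expectedRpId` parameter and the 16-byte minimum challenge length are assumptions of this example.

```javascript
// Added example: map an SKFS preauthenticate body to WebAuthn request options.
// Function names, expectedRpId and MIN_CHALLENGE_BYTES are assumptions of this example.
const MIN_CHALLENGE_BYTES = 16; // WebAuthn recommends challenges of at least 16 bytes

function b64urlToBytes(s) {
  if (typeof s !== "string" || !/^[A-Za-z0-9_-]+$/.test(s)) {
    throw new TypeError("value is not base64url");
  }
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat((4 - (s.length % 4)) % 4);
  return Uint8Array.from(atob(b64), (ch) => ch.charCodeAt(0));
}

function toRequestOptions(body, expectedRpId) {
  const r = body && body.Response;
  if (!r) throw new Error("missing Response object");
  // Refuse a response issued for a different relying party than the caller expects.
  if (r.rpId !== expectedRpId) throw new Error("unexpected rpId: " + r.rpId);
  const challenge = b64urlToBytes(r.challenge);
  if (challenge.length < MIN_CHALLENGE_BYTES) throw new Error("challenge too short");
  if (!Array.isArray(r.allowCredentials)) throw new Error("allowCredentials must be an array");
  const allowCredentials = r.allowCredentials.map((c) => {
    if (c.type !== "public-key") throw new Error("unexpected credential type: " + c.type);
    // alg is not copied: a WebAuthn PublicKeyCredentialDescriptor has no alg member.
    return { type: c.type, id: b64urlToBytes(c.id) };
  });
  return {
    // An empty allowCredentials list is the discoverable flow shown on the page.
    discoverable: allowCredentials.length === 0,
    txid: body.TXID,
    publicKey: { challenge, rpId: r.rpId, allowCredentials },
  };
}

// Constructed input, shaped like the discoverable-flow response above.
const sample = {
  Response: { challenge: "uOGAAks0L04PfDkR5vdhbw", allowCredentials: [], rpId: "strongkey.com" },
  TXID: "1-1-73-1717793306955",
};
const opts = toRequestOptions(sample, "strongkey.com");
console.log(opts.discoverable, opts.publicKey.challenge.length);
// In a browser: navigator.credentials.get({ publicKey: opts.publicKey })
```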